How does a cyber attack do damage?
Attackers from the second category are not interested in a company’s data. They want to do damage or extort money. They use ransomware to threaten to encrypt data if the victim is not prepared to meet their ransom demands. A logic bomb turns a dissatisfied employee into a threat: he or she could delete all the data they can get their hands on at a particular point in time.
How RiskWorkers prepares the IT crisis management team
RiskWorkers conducts corporate cyber crisis management team exercises in which we confront a company’s IT crisis staff with simulated attacks. These realistic simulations give information on how effectively current and future members of the IT crisis management team deal with cyber attacks in an emergency. It is not only employees who are put to the test: the established processes to defend against attacks of this nature are also checked. Is everything up to date? Can anything be improved? Can they be scaled-up enough to match the company’s growth? In short, we give the IT crisis management team the opportunity to test out an emergency scenario without putting the company’s assets in danger.
Selected managers all receive a threatening email at the same time. The email tells them that employees’ personal information will be encrypted if a ransom is not paid within 24 hours. Two days later, backdoor malware encrypts files on 200 client systems.
Advanced Persistent Threat
Spyware is introduced using social engineering, and gives attackers administrative rights to privilege escalation. Next, attackers use lateralisation to gain access to other parts of the IT infrastructure. After the cyber attack, important business secrets are sent via encrypted DNS backchannels until they are discovered by chance.
An employee is at risk of losing his job. Out of frustration he installs a logic bomb on one of the company’s server. It will start to delete saved files at a pre-defined point in time.